Windows Phone 8 Wi-Fi Vulnerable, Cannot Be Patched



Microsoft advises that a cryptographic problem in the PEAP-MS-CHAPv2 protocol used in Windows Phone 8 to provide WPA2 authentication allows a victim's encrypted domain credentials to be collected by an attacker posing as a typical WiFi access point. Redmond further states that this problem cannot be patched, although a set of manually entered configuration changes involving root certificates on all WP8 phones and on WiFi access points will apparently address the issue. WP7.8 phones are likewise vulnerable.

Question: Why isn't this on front page?


If it was in the public standard it'd be vulnerable on any device, including Windows which widely uses MS-CHAPv2, and I haven't heard of that being breached.

I'd venture a guess to say it's an error in WP8 programming... Be interesting to see how this story develops.


It's in the standard.

Every device that doesn't enforce signed certificates before the exchange is vulnerable to this.

EDIT::
The original disclosure of the issue. Microsoft are just acknowledging the leak in WP. It's not new.

http://wifihere.blogspot.com.au/2012/11/peap-mschapv2-vulnerability.html

Second edit::

As to why it's not on the front page, it's a next to careface exploit that allows for very targeted attacks on networks running enterprise (ha) encryption schemas without proper configuration.

This is a notification for people who need to be told not to stop chain saw chains with their testicles.

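The point made in the reply above (a client that does not validate the server certificate before the PEAP exchange is exposed), as an added example that is not part of the thread: an audit of PEAP/MSCHAPv2 network blocks for missing certificate checks. It goes beyond Windows Phone to wpa_supplicant, whose configuration is plain text; the sample configuration, SSIDs, certificate path and host name are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs, path and host name are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-unpinned"
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-ca-only"
    eap=PEAP
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
}
network={
    ssid="corp-pinned"
    eap=PEAP
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    domain_suffix_match="radius.example.com"
}
'''
# wpa_supplicant options that tie the certificate to an expected server name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\}", text, re.S):
        pairs = (ln.strip().partition("=") for ln in body.splitlines())
        nets.append({k.strip(): v.strip().strip('"') for k, s, v in pairs
                     if s and not k.startswith("#")})
    return nets

def audit(text):
    """Map SSID -> findings for every PEAP + MSCHAPv2 network block."""
    report = {}
    for net in parse_networks(text):
        peap = "PEAP" in net.get("eap", "").upper().split()
        if not (peap and "MSCHAPV2" in net.get("phase2", "").upper()):
            continue
        findings = []
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append("no CA configured: server certificate is not verified")
        if not any(net.get(k) for k in NAME_CHECKS):
            findings.append("no server name check: any certificate from that CA passes")
        report[net.get("ssid", "?")] = findings
    return report
```

An empty findings list means the block both trusts a specific CA and checks the server name, which is the configuration the root-certificate workaround aims for.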

This topic is now closed to further replies.